Hmm, what was the message that you got back when you executed this stement?
----
Rodney Broom
----- Original Message -----
From: "Omri Tintpulver" <[EMAIL PROTECTED]>
To: "'Rodney Broom'" <[EMAIL PROTECTED]>
Sent: Tuesday, 14 November, 2000 07:07
Subject: RE: Problem with single quote ' character
> Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
> something wrong. Here's what I have, could you take a look at it?
>
> #parse query string and enter into database if query string exists
>
> my $authors = $query{'authors'};
> my $title = $query{'title'};
> my $year = $query{'year'};
> my $source = $query{'source'};
> my $topic = $query{'topic'};
> my $purpose = $query{'purpose'};
> my $sample = $query{'sample'};
> my $gmc = $query{'gmc'};
> my $process = $query{'process'};
> my $outcome = $query{'outcome'};
> my $rater = $query{'rater'};
> my $results = $query{'results'};
> my $refs = $query{'refs'};
> my $notes = $query{'notes'};
> my $therapy = $query{'therapy'};
> my $analysis = $query{'analysis'};
> my $critique = $query{'critique'};
> my $getcopy = $query{'getcopy'};
> my $id = $query{'id'};
>
>
> #make sure all single quotes are escaped
>
> $q_authors = $dbh->quote($authors);
> $q_title = $dbh->quote($title);
> $q_year = $dbh->quote($year);
> $q_source = $dbh->quote($source);
> $q_topic = $dbh->quote($topic);
> $q_purpose = $dbh->quote($purpose);
> $q_sample = $dbh->quote($sample);
> $q_gmc = $dbh->quote($gmc);
> $q_process = $dbh->quote($process);
> $q_outcome = $dbh->quote($outcome);
> $q_rater = $dbh->quote($rater);
> $q_results = $dbh->quote($results);
> $q_refs = $dbh->quote($refs);
> $q_notes = $dbh->quote($notes);
> $q_therapy = $dbh->quote($therapy);
> $q_analysis = $dbh->quote($analysis);
> $q_critique = $dbh->quote($critique);
> $q_getcopy = $dbh->quote($getcopy);
>
>
> #update entry form into the database
>
> $sth = $dbh->prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
> '$title', year = '$year', source = '$source', topic = '$topic', purpose =
> '$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
> = '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
> = '$notes', therapy = '$therapy', analysis = '$analysis', critique =
> '$critique', getcopy = '$getcopy' WHERE id = '$id'" );
> $sth->execute();
>
> --I've put single quotes and also tried no quotes around the variables in
> the SQL statement; neither worked.
>
> Thanks again,
> Omri
>
>
> -----Original Message-----
> From: Rodney Broom [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 13, 2000 10:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Problem with single quote ' character
>
>
> Hi Omri,
>
> RH> This is an FAQ and there is a lot of info on this. You need to escape
> it
> RH> with \.
> RH> Just about all languages have a function that does this for you. Look
> up
> RH> the appropriate docs.
>
> Hmm, let's see if I can be a little bit more helpful than Rolf. Although he
> really is right. ;-)
>
> - Here's the SQL side of it:
> Let's say that $firstfield is equal to "Rodney's sooo cool!', and that $id
> is
> equal to 86. That means that when this statement is passed into your DB
> (MySQL),
> that the text of:
> UPDATE tbl_hello SET firstfield = '$firstfield' WHERE id = '$id'
> will come through as:
> UPDATE tbl_hello SET firstfield = 'Rodney's sooo cool!' WHERE id = '86'
>
> See the problem?
>
> - OK, now the Perl side:
> First, I'm assuming that you are using the DBI package. If not, say so. DBI
> provides a neeto routine called quote(), it works like this:
> $q_var = $dbh->quote($var);
> So, doing that to $firstfield would look like this:
> $q_firstfield = $dbh->quote($firstfield);
> $firstfield is not equal to ['Rodney\'s soo cool'], including all three
> single
> quotes. So, if your Perl code looks like this:
> $sql = sprintf(
> qq{UPDATE tbl_hello SET firstfield = %s WHERE id = '$id'},
> $dbh->quote($firstfield)
> );
>
> Then you'll get the SQL to pass to the DB that you are looking for.
> Hollar if you have any other questions.
>
> ----
> Rodney Broom
>
>
>
> --
> ---------------------------------------------------------------------
> Please check "http://www.mysql.com/documentation/manual.php" before
> posting. To request this thread, e-mail [EMAIL PROTECTED]
>
> To unsubscribe, send a message to:
> <[EMAIL PROTECTED]>
>
> If you have a broken mail client that cannot send a message to
> the above address (Microsoft Outlook), you can use:
> http://lists.mysql.com/php/unsubscribe.php
>
